Security Basics mailing list archives
RE: Spyware drama!
From: "Dave Killion" <dkillion () charter net>
Date: Tue, 6 Jan 2004 10:23:55 -0800
FC, You could add signatures to an IDS/IPS/IDP system that detects the use of Spyware, and then hunt down the offending machine. Would require some work up-front, but save you time in the long run. A lot less invasive, as well. I know some of the major IDS/IPS/IDP vendors are adding those kinds of signatures to their products now. If you already own one, you're most of the way there. Otherwise, you could either look into one, or set up Snort on your own. Many of the Spyware apps use unique "User Agent" HTTP header fields (i.e. Gator uses UserAgent: Gator). Just a thought... -Dave
-----Original Message----- From: Francisco Mário Ferreira Custódio [mailto:fcustodio () eda pt] Sent: Monday, January 05, 2004 10:08 AM To: security-basics () securityfocus com Subject: Spyware drama! Hey everybody! I am having lot's of traffic in my network, due to those boring spywares that my "dear" users install everyday. I use "ad-aware pro" to clean the workstations, but I have 500+ workstations on my network... So I want to know if you guys ever eard about a tool to scan/clean "spyware" by IP address. Like...providing an admin password, the software would sweep a class C network...scanning/cleanning every machine on it. Thank you all. FC -------------------------------------------------------------- ------------- -------------------------------------------------------------- --------------
Attachment:
smime.p7s
Description:
Current thread:
- Spyware drama! Francisco Mário Ferreira Custódio (Jan 05)
- Re: Spyware drama! Jeremy Anderson (Jan 05)
- RE: Spyware drama! Dave Killion (Jan 06)
- RE: Spyware drama! Mike (Jan 08)
- Re: Spyware drama! Reinaldo UOL (Jan 09)
- Re: Spyware drama! Stimpy (Jan 12)
- RE: Spyware drama! Aditya [ Aditya Lalit Deshmukh ] (Jan 13)
- Re: Spyware drama! Stimpy (Jan 12)